Thick domain name whois is getting closer

The transition from Thin to Thick WHOIS for the .com, .net and .jobs extensions is coming soon and quite a few progress has been done.

The registry operator for .COM and .NET, Verisign, met the 1 May deadline to deploy the Operational Testing & Evaluation (OT&E) environment for registrars to test the migration of Thick WHOIS data to Verisign. There are currently approximately 37 active registrars that have submitted test transactions.

In preparation to complete the deployment to accept Thick WHOIS data, Verisign proposed amendments to the Registry-Registrar Agreements (RRAs) for .COM and .NET in order to have the legal framework necessary for Verisign to begin accepting registrar transmission of Thick data to the registry.

The proposed amendments would largely bring the .COM and .NET RRAs into alignment with all other Thick generic top-level domains (gTLDs) in terms of language for registrant consent for transmission of registration information. The proposed amendments also would incorporate language similar to most other registry agreements with respect to putting registrants on notice of the legal reasons why domain names could be subject to cancellation or transfer.

The RrSG expressed concerns about agreeing to the proposed amendments based on issues relating to the European Union’s General Data Protection Regulation (GDPR), which takes effect on 25 May 2018. As such, the next step outlined in the procedure is for the ICANN organization to consult with the registry operator and the RrSG to resolve these concerns.

In accordance with the procedure, ICANN began individual discussions with both parties in mid-May. On 22 May, Verisign and the RrSG participated in a first joint call on this topic. These discussions are continuing and all parties are collaborating in good faith toward a resolution.

Verisign’s letter stated that their test environment will remain available and they will continue to engage with ICANN and the Registrar Stakeholder Group regarding the proposed RRA. Verisign noted that they have not identified at this time, a need for an extension of either the 1 May 2018 Thick WHOIS deadline for all new .COM and .NET registrations or the 1 February 2019 deadline for the completion of the Thick WHOIS transition.

This means that while Verisign is able to meet the schedule for the technical requirements called out in the policy, the legal framework of the RRA that is necessary for Verisign to begin accepting Thick WHOIS data on 1 August 2017 has not yet been approved.

Although the ICANN organization could theoretically approve the proposed RRA amendments despite the objections of the RrSG, ICANN strives for consensus whenever possible. Therefore, ICANN believes it is beneficial to provide Verisign, ICANN, and the RrSG with more time to continue discussions in hopes of achieving a resolution, while still taking reasonable steps to comply with the policy.

To that end, the ICANN organization approved Verisign’s request for a 120-day extension of the 1 August 2017 date in the Thick WHOIS Transition Policy by which Verisign is required to deploy an Extensible Provisioning Protocol (EPP) mechanism and an alternative bulk transfer mechanism for .COM and .NET for registrars to migrate registration data for existing domain names. With this extension, the new date for Verisign’s compliance with the requirement is 29 November 2017.

The Thick WHOIS Implementation Review Team (IRT), registries, and registrars who are working together to complete the Thick Whois policy are acting in accordance with the previously announced implementation timeline.

At this time there are only 3 registries that are using a thin whois: .com, .net and .jobs but soon that will change.

About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He works on domain names, websites and software development. Has been online since 1995 & domaining since 2002.

4 comments

GoDaddy is going to make a killing on WHOIS privacy, once this transition completes. The amount of spam is going to increase dramatically, because retrieving registrant info won’t be limited to requests that only originate from the registrar’s servers.